The bad password habits we just can't break

Despite a range of alternative authentication technologies, many systems still rely on passwords for their security. But a new study from Dashlane shows we’re still pretty bad at password selection.

The analysts used research from Dr Gang Wang, an assistant professor in the Department of Computer Science at Virginia Tech, which analyzed over 61 million passwords.

Dashlane researchers examined the data for patterns, highlighting simple mistakes that continue to be made by people who use passwords in daily life. Researchers found patterns across the keyboard, from not-so-randomly chosen letters and numbers to popular brands and bands, and even passwords created out of apparent frustration.

"It is difficult for humans to memorize unique passwords for the 150+ accounts the average person has," says Dr Wang. "Inevitably, people reuse or slightly modify them, which is a dangerous practice. This danger has been amplified by the massive data breaches which have given attackers more effective tools for guessing and hacking passwords."

Among the findings is a high frequency of what is called 'password walking' -- passwords containing combinations of letters, numbers, and symbols that are adjacent to one another on the keyboard. This highlights the apathetic attitude most users have towards passwords, preferring convenience over security. Examples of walked passwords include the obvious, qwerty and 123456, but also combinations like 1q2w3e4r and 1qaz2wsx.

Other themes uncovered include the use of brand names, movies, bands and football clubs. Passwords on a love/hate theme such as iloveyou, ihateyou, f**kyou and similar are also in common use.

You can find out more and see lists of some of the most commonly used passwords on the Dashlane blog.